As the Black Hat security conference is going on this week we will be covering a lot of the exploits they find. We have already talked about the SCDA vulnerability, how cars with remote lock/unlock/start are vulnerable and even touched in HTML5 and mobile phone exploits. Now we hear confirmation of something we have known for a while: Apple’s OSX server is not secure.
Experts at the security firm Isec have shown that while individual systems can be secured (the called them islands) once you put the OSX server in play it is “two notches above trivial” to compromise the whole network. Isec showed this off by executing a local DNS exploit that allowed them to scavenge admin credentials and then gain full admin access to the network.
All was not bad news for Apple fans; Isec also said that OSX Lion now “matches” Microsoft’s Windows 7 for local permissions elevation protection and anti-exploit protection. Isec also went on to say that Apple’s marketing has been training consumers to feel safe when using Macs which actually makes them more likely to be open to targeted attacks.